Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16047
HistoryFeb 13, 2007 - 12:00 a.m.

Miniwebsvr 0.0.6 - Directory traversal

2007-02-1300:00:00
vulners.com
15

Hello!

Miniwebsvr 0.0.6 suffers from a directory traversal flaw.

"Exploit" :

    http://yoursite/..%00

Attack vector seems limited as you're only able to list one level down.

Cheers,

Daniel Nystrom, [email protected]
Fredrik Wessberg, [email protected]